An iexplore.exe process appears at startup

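    Yesterday the system was still fine, but when I booted up this afternoon I found an extra entry, IEXPLORE.EXE, in the process list. Its user name is shown as System rather than my own name. I found this a bit strange, because I normally browse the web with Tencent's TT; iexplore.exe generally does not appear unless a pop-up window shows it, and here it is a system process. A little later Kaspersky 6.0 Internet Security warned that a trojan was about to be downloaded, something like http://sz.sfxxx.com/qq.exe; I chose to deny it and apply that to all. After that I ran a scan with 360 Safe Guard (安全卫士360), which found a trojan named services. I chose to clean it, and 360 reported that it had been removed.
  Afterwards I still wasn't at ease, so I formatted drive C and restored the Ghost image I had made at noon, hoping I hadn't been hit yet at noon. But after the restore, IEXPLORE.exe was still in the process list. I scanned with 360 again and it did not find the earlier trojan, and Kaspersky did not report that qq.exe either, but this process is very strange. So frustrating. I had deleted my earlier image from March 21; the system was still fine back then, and even yesterday this was not happening. I ended the process, and a little while later it appeared again.

    I'm asking all you experts to spare some effort and eyesight to rescue me from this mess; thanks in advance. I really don't want to reinstall. This system has already had a long life, more than a year, always kept going from backups; I just got too lazy last month. Sigh~
Below is the report from my sreg scan; sorry to trouble you all.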






2007-04-01,19:55:31

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Resume copy><copyfstq.exe /startup>  [N/A]
    <kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <qyzngj><"C:\Program Files\千宇智能关机 V1.77\千宇智能关机 V1.77\qyzngj.exe">  [千宇软件 http://www.ddeee.com]
    <Logon Loader 随机><"C:\WINDOWS\Resources\XP登陆界面随心换(典藏版)\XP登陆界面随心换.exe" -random>  [Daniel Milner]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><C:\WINDOWS\Resources\XP登陆界面随心换(典藏版)\66\模特女郎3.exe>  [Patrick]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\MATRIX~1.SCR>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
N/A

==================================


Last edited 2007-04-02 17:59:35

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[black / black][Stopped/Disabled]
  <System32\drivers\BlackDrv.sys><N/A>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver][Running/System Start]
  <\??\C:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[VMware hcmon / hcmon][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\hcmon.sys><VMware, Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[LC3 Packet Driver / lc3pkt_2.1][Stopped/Manual Start]
  <\??\C:\Program Files\@stake\LC4\lc3pkt.sys><N/A>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Motorola USB Device / P2k][Stopped/Manual Start]
  <system32\DRIVERS\P2k.sys><Motorola Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RapDrv / RapDrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\RapDrv.sys><N/A>
[RapFile / RapFile][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\RapFile.sys><N/A>
[RapNet / RapNet][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\RapNet.sys><N/A>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[OTI Serial port driver / SER120][Stopped/Manual Start]
  <system32\DRIVERS\SER120.sys><USB Com port.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Stopped/Manual Start]
  <system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Bridge Protocol / VMnetBridge][Running/Auto Start]
  <system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware VMparport / VMparport][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\VMparport.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>
[Vstor2 Virtual Storage Driver / vstor2][Running/Auto Start]
  <\??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys><VMware, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XPROTECTOR / XPROTECTOR][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\Oreans.sys><N/A>
[XScanPF / XScanPF][Stopped/Manual Start]
  <\??\D:\学习\X-Scan-v3.3\dat\xpf.sys><N/A>
[Vimicro USB PC Camera(ZC0301PL) / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[Thunder Browser Helper]
  {761497BA-D6F0-462C-B6EB-D4DAF1D92D43} <F:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll, Sun Microsystems, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[&Google Notebook]
  {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} <C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1086194881.dll, N/A>
[Java Plug-in 1.5.0_08]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll, Sun Microsystems, Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <F:\Program Files\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Google 笔记本]
  {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} <C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1086194881.dll, N/A>
[MoxtvUploadX Control]
  {30348281-949B-4E9F-8A99-44EC423EB66D} <C:\WINDOWS\DOWNLO~1\MOXUPL~1.OCX, >
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[163Uploader Control]
  {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[Java Plug-in 1.5.0_08]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll, Sun Microsystems, Inc.>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Java Plug-in 1.5.0_08]
  {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[MoxtvUploadX Control]
  {30348281-949B-4E9F-8A99-44EC423EB66D} <C:\WINDOWS\DOWNLO~1\MOXUPL~1.OCX, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Thunder Browser Helper]
  {761497BA-D6F0-462C-B6EB-D4DAF1D92D43} <F:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[&Google Notebook]
  {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} <C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1086194881.dll, N/A>
[Google 笔记本]
  {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} <C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1086194881.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <F:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <F:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <F:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <F:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[记录此页(Google 笔记本)]
  <res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1086194881.dll/gn_menu1.html, N/A>
[记录(Google 笔记本)]
  <res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1086194881.dll/gn_menu2.html, N/A>

Scan report

==================================
正在运行的进程
[PID: 572][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 752][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 936][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1080][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1212][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1416][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1636][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 1728][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\Program Files\TrueLaunchBar\tlb.dll]  [TrueSoft, 3.2.0.0]
    [F:\Program Files\TrueLaunchBar\int\2052\tlb_res.dll]  [TrueSoft, 3.2.2.0]
    [C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 1888][C:\Program Files\ewido anti-spyware 4.0\guard.exe]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\Program Files\ewido anti-spyware 4.0\engine.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 1964][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 244][c:\windows\system32\webpnt.exe]  [Microsoft Corporation, 5.2600.2180]
[PID: 164][C:\Program Files\????\??? V1.77\qyzngj.exe]  [????, 1.77]
[PID: 1064][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2104][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2132][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2968][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3796][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1228][C:\Documents and Settings\??\桌面\SREng\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
==================================
Last edited by 不见不乐 on 2009-03-29 21:33:59


Fellow sufferer here, ME TOO


Help!
Using Kaka Assistant (卡卡助手) I saw that this IE instance opens http://www.feeip.com/index.htm
Kaspersky reports:
已检测到: 木马程序 Trojan-Downloader.Win32.Agent.voURL: http://sf.sf325.com/kyo/qq.exe

I added these lines to hosts:
127.0.0.1    http://www.feeip.com
127.0.0.1    http://sf.sf325.com
Maybe that will let me dodge it for the time being.
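
Added example, not part of the original post: the hosts file is matched against bare host names only, so a name field that carries a scheme or path (such as `http://www.feeip.com`) never matches a lookup for `www.feeip.com`. The sketch below lints and normalises such entries; the sample text is constructed from the entries quoted in this thread, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the localhost line from the scan report, the two
# entries as typed in the post above, and one correctly formed entry.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
127.0.0.1    http://www.feeip.com
127.0.0.1    http://sf.sf325.com
127.0.0.1    www.feeip.com   # correct form
"""

# A usable hosts name is dot-separated labels only: no scheme, port or path.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9_-]{1,63}(\.[A-Za-z0-9_-]{1,63})*$")

def _host_from(name):
    """Recover the bare host from a URL-like token, or None if there is none."""
    try:
        host = urlsplit(name if "://" in name else "//" + name).hostname
    except ValueError:
        return None
    return host if host and HOSTNAME_RE.match(host) else None

def lint_hosts(text):
    """Return (line_no, bad_name, suggested_name) for names that can never match."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:          # fields[0] is the IP address
            if not HOSTNAME_RE.match(name):
                findings.append((line_no, name, _host_from(name)))
    return findings

def fix_hosts(text):
    """Rewrite URL-like names to bare host names; comments are preserved."""
    out = []
    for raw in text.splitlines():
        body, sep, comment = raw.partition("#")
        fields = body.split()
        if len(fields) >= 2:
            names = [n if HOSTNAME_RE.match(n) else (_host_from(n) or n)
                     for n in fields[1:]]
            body = fields[0] + "    " + " ".join(names) + (" " if sep else "")
        out.append(body + sep + comment)
    return "\n".join(out)

if __name__ == "__main__":
    for line_no, bad, good in lint_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {bad!r} is not a host name; use {good!r}")
    print(fix_hosts(SAMPLE_HOSTS))
```
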

Same...
Same here...
An iexplorer.exe appears automatically as soon as I boot
I normally use the Maxthon (遨游) browser
Really weird...


Bumping this to keep asking
I have the same thing, really strange


You've caught Gray Pigeon (灰鸽子), hehe


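I don't feel that I've caught Gray Pigeon. Many trojans do disguise themselves as iexplore.exe, but this one invoked c:\program files\internet explore\iexplore.exe and opened some web page in the background,
for example http://www.feeip.com/index.com
http://www.haveip.com
They look like Google ads, meant to earn traffic and clicks.

On March 29 I used Windows Optimization Master (windows优化大师) to clean up, and because I had the registry backup from that day I tried restoring it. After booting today, I found that the process is no longer in the process list.

Make backups right away. Still, I hope someone can solve this problem.
Also, both of the pages above redirect to Google; I don't know what that is about.
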

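Same problem. The anti-malware assistant (恶意助手) reports that iexplorer.exe is a virus/trojan program; the process runs automatically at boot, and after being ended it starts itself again, after deleting it. But I have now solved this problem: first download the Maxthon (傲游) browser from the Internet, then force-delete iexplorer.exe, and from then on just use Maxthon to go online.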